Y
Hacker News
new
|
ask
|
show
|
jobs
by
mdavidn
702 days ago
Reading the user's profile information _is_ the delegated action. OAuth providers were already doing this prior to OIDC but in incompatible ways. OIDC standardized how that information is requested and returned.
1 comments
tptacek
701 days ago
No, the whole point of OIDC is that permission to read your profile is not semantically the same thing as authenticated sign-on.
link